1. In a computer network that includes different types of data structures, a 
method for authorizing a requesting entity to operate upon data structures in a standard 
manner, the method comprising: 

an act of maintaining a plurality of role templates that define basic access 
permissions with respect to one or more command methods, wherein at least some of the 
role templates define access permissions in a manner that is independent of the type of data 
structure being accessed; 

an act of maintaining a plurality of role definitions that define access permissions 
for specific entities by using one or more of the role templates; 

an act of receiving a request from the requesting entity to perform at least one of 
the command methods, the request identifying the requesting entity; 

an act of identifying a role definition corresponding to the requesting entity; and 

an act of determining access permissions for the requesting entity with respect to 
the command method using the role definition corresponding to the requesting entity. 

2. A method in accordance with Claim 1, wherein the act of maintaining a 
plurality of role definitions that define access permissions for specific entities comprises: 

an act of the role definition corresponding to the requesting entity using at least one 
access permission that is specific to the requesting entity, wherein the access permissions 
for the requesting entity are defined by the one or more role templates that are used by the 
corresponding role definition as well as the access permission that is specific to the 
requesting entity. 

3. A method in accordance with Claim 1, wherein the request includes an 
identification of credentials used to authenticate the requesting entity, wherein the role 
definition corresponding to the requesting entity is identified using the credential 
identification, wherein different role definitions may apply depending on the credentials. 

4. A method in accordance with Claim 1, wherein the request identifies the 
requesting entity by identifying a user as well as a corresponding application that is 
making the request, wherein different role definitions may apply depending on both the 
identification of the user as well as the corresponding application. 



5. A method in accordance with Claim 1, wherein the act of maintaining a 
plurality of role templates that define basic access permissions comprises the following: 

an act of maintaining a role map document that contains all of the role templates for 
a particular service. 

6. A method in accordance with Claim 5, wherein the act of maintaining a role 
map document that contains all of the role templates for a particular service comprises the 
following: 

an act of defining one or more scopes that describe views on a data structure; and 

an act of defining a role template by associating a method type with one of the one 
or more scopes. 

7. A method in accordance with Claim 5, wherein the act of maintaining a role 
map document that contains all of the role templates for a particular service comprises the 
following: 

an act of maintaining a role map document as a hierarchical data structure. 

8. A method in accordance with Claim 5, wherein the act of maintaining a role 
map document that contains all of the role templates for a particular service comprises the 
following: 

an act of maintaining a role map document as an XML document. 

9. A method in accordance with Claim 1, wherein the act of maintaining a 
plurality of role definitions that define access permissions for specific entities by using one 
or more of the role templates comprises the following: 

an act of maintaining a role list document that contains all of the role definitions for 
requesting entities that may attempt to access data structures belonging to an identity. 

10. A method in accordance with Claim 9, wherein the act of maintaining a role 
list document comprises the following: 

an act of defining a role definition by referencing a role template included in a role 
map document. 

11. A method in accordance with Claim 10, wherein the act of maintaining a 
role list document comprises the following: 

an act of maintaining a role list document as a hierarchical data structure. 

12. A method in accordance with Claim 10, wherein the act of maintaining a 
role list document comprises the following: 

an act of maintaining a role list document as an XML document. 

13. A method in accordance with claim 1, wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to insert a portion into the 
data structure. 

14. A method in accordance with claim 1, wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to delete a portion from the 
data structure. 

15. A method in accordance with claim 1, wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to update a portion of the 
data structure. 

16. A method in accordance with claim 1, wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to replace a portion of the 
data structure. 

17. A method in accordance with claim 1, wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises the 
following: 

an act of receiving a request from the requesting entity to query regarding a portion 
of the data structure. 

18. A method as recited in Claim 1, wherein the one or more command 
methods comprise a set including insert, delete, query, update, and replace. 

19. A method as recited in Claim 1, wherein the data structure represents in-box 
information. 

20. A method as recited in Claim 1, wherein the data structure represents 
calendar information. 

21. A method as recited in Claim 1, wherein the data structure represents 
document information. 

22. A method as recited in Claim 1, wherein the data structure represents 
notification information. 

23. A method as recited in Claim 1, wherein the data structure represents 
content information. 

24. A method as recited in Claim 1, wherein the data structure represents role 
list information. 

25. A method as recited in Claim 1, wherein the data structure represents 
system information. 

26. A method as recited in Claim 1, wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: 

an act of identifying the role definition by searching a database. 

27. A method as recited in Claim 1, wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: 

an act of identifying the role definition based on authorized role information 
provided within the request. 

28. A method as recited in Claim 27, wherein the authorized role information 
includes an identification of a role template. 

29. A method as recited in Claim 28, wherein the authorized role information 
further includes an identification of at least one refined, local scope. 

30. A computer-readable medium comprising computer-executable instructions 
for performing the acts recited in Claim 1. 
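
The authorization flow of Claims 1, 4 to 12 and 18, as an added example that is not part of the original claims or of any product they describe: a role map document defines scopes and role templates, a role list document binds (user, application) pairs to templates, and the decision never looks at the type of data structure. All element names, attribute names and sample identities are assumptions, and a scope is simplified here to a set of item visibility classes.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents. Element and attribute names are assumptions.
ROLE_MAP_XML = """<roleMap service="sample">
  <scope id="everything" visibility="public private"/>
  <scope id="publicOnly" visibility="public"/>
  <roleTemplate name="owner">
    <method type="insert" scope="everything"/>
    <method type="delete" scope="everything"/>
    <method type="query" scope="everything"/>
    <method type="update" scope="everything"/>
    <method type="replace" scope="everything"/>
  </roleTemplate>
  <roleTemplate name="reader">
    <method type="query" scope="publicOnly"/>
  </roleTemplate>
</roleMap>"""

ROLE_LIST_XML = """<roleList identity="alice">
  <role user="alice" application="mailClient" template="owner"/>
  <role user="bob" application="mailClient" template="reader"/>
  <role user="alice" application="widget" template="reader"/>
</roleList>"""

def load_role_map(xml_text):
    """Return {template name: {method type: set of visible item classes}}."""
    root = ET.fromstring(xml_text)
    scopes = {s.get("id"): set(s.get("visibility").split()) for s in root.iter("scope")}
    return {t.get("name"): {m.get("type"): scopes[m.get("scope")] for m in t.iter("method")}
            for t in root.iter("roleTemplate")}

def load_role_list(xml_text):
    """Return {(user, application): template name} for one identity's data."""
    return {(r.get("user"), r.get("application")): r.get("template")
            for r in ET.fromstring(xml_text).iter("role")}

def authorize(role_map, role_list, user, application, method, item_visibility):
    """Default deny: allow only if a role definition exists for the entity,
    its template grants the method, and the item lies inside the scope."""
    template = role_list.get((user, application))
    if template is None or template not in role_map:
        return False
    scope = role_map[template].get(method)
    return scope is not None and item_visibility in scope

ROLE_MAP = load_role_map(ROLE_MAP_XML)
ROLE_LIST = load_role_list(ROLE_LIST_XML)
```

The same user receives a narrower role through the `widget` application than through `mailClient`, and any entity or method without a matching entry is refused.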

31. In a computer network that includes different types of data structures, a 
method for authorizing a requesting entity to operate upon data structures in a standard 
manner, the method comprising: 

an act of maintaining a number of role templates that define basic access 
permissions with respect to a number of command methods, wherein at least some of the 
role templates define access permissions in a manner that is independent of the type of data 
structure being accessed; and 

a step for authorizing a requesting entity using the role templates in a manner that is 
independent of the type of data structure being accessed. 

32. A method in accordance with Claim 31, wherein the step for authorizing a 
requesting entity using the role templates comprises the following: 

an act of maintaining a plurality of role definitions that define access permissions 
for specific entities by using one or more of the role templates; 

an act of receiving a request from the requesting entity to perform at least one of 
the command methods, the request identifying the requesting entity; 

an act of identifying a role definition corresponding to the requesting entity; and 

an act of determining access permissions for the requesting entity with respect to 
the command method using the role definition corresponding to the requesting entity. 

33. A computer-readable medium comprising computer-executable instructions 
for performing the act and step recited in Claim 31. 

34. A computer program product for use in a computer network that includes 
different types of data structures, the computer program product for implementing a 
method for authorizing a requesting entity to operate upon data structures in a standard 
manner, the computer program product comprising one or more computer-readable media 
having stored thereon the following: 

computer-executable instructions for maintaining a plurality of role templates that 
define basic access permissions with respect to one or more command methods, wherein at 
least some of the role templates define access permissions in a manner that is independent 
of the type of data structure being accessed; 

computer-executable instructions for maintaining a plurality of role definitions that 
define access permissions for specific entities by using one or more of the role templates; 

computer-executable instructions for detecting the receipt of a request from the 
requesting entity to perform at least one of the command methods, the request identifying 
the requesting entity; 

computer-executable instructions for identifying a role definition corresponding to 
the requesting entity; and 

computer-executable instructions for determining access permissions for the 
requesting entity with respect to the command method using the role definition 
corresponding to the requesting entity. 

35. A computer program product as recited in Claim 31, wherein the one or 
more computer-readable media are physical storage media. 



Docket No. 13768.198.6 



36. In a computer network that includes different services, applications, and an 
authorization station, the applications submitting requests to perform operations on 
different data structures managed by the different services, a system for isolating the 
authorization process from the services so that the services need not independently 
authorize each request they receive from the number of applications, the system 
comprising: 

a plurality of services, each service configured to facilitate operations on one or 
more types of data structures; 

an authorization station configured to receive requests from a number of 
applications to operate upon data structures managed by any of the number of services, the 
authorization station configured to perform the following: 

receive a request to perform a target operation upon a target data structure 
managed by a target service; 

in a manner that is independent of the data structure desired to be operated 
upon, determine that the corresponding requesting entity is authorized to perform 
the target operation on the target data structure; and 

communicate to the target service that the requesting entity is authorized to 
perform the target operation on the target data structure. 